Published 15:22 5 Apr 2024 GMT+1

Sinister Android app poses as major brand but could empty your bank

Don't get caught out by the malware

Tom Earnshaw

People who own an Android phone have been warned over a sinister piece of software that is disguising itself as a legitimate antivirus app.

The almost cruel masquerading act will see your phone infected by clicking on the app that you believe is going to help keep your phone free of viruses.

And it is sadly not a new phenomenon, with this kind of fake app scam being first spotted back in early 2021. It joins a very long list of ways scammers try and take over your phone, with one recent warning coming via WhatsApp.

Advert

By clicking on the new version of what is known as an Android banking trojan, you will open up your phone and its data to hackers who will then take your data and could even then empty your bank account with the details they've acquired.

Cybersecurity researchers from NCC Group’s Fox-IT were the first to warn about this kind of software.

Explaining, they said a new version the Vultur banking trojan has been detected with some significant changes to how it targets victims since first being spotted three years ago.

Nikolas Kokovlis/NurPhoto via Getty Images

They explain that previous versions of the Vultur banking trojan were found put on to peoples' phones via apps that were smuggled on to the Google Play Store.

Advert

Now, the updated app combines something called smishing - which is where you are sent fake mobile text messages to trick you in to downloading malware - and legitimate apps.

Reports have said one version of the malware portrays it to look like McAfee, a legitimate antivirus software you can download on to your phone to keep it safe.

Cyber-criminals will target a victim by sending them a warning of an unauthorised payment from their accounts.

A Samsung Galaxy phone that used an Android OS.

Joan Cros/NurPhoto via Getty Images

To fix it, you're then sent a phone number to call.

Advert

But this is a scam where the victims who take the bait are then told to download a rogue version of the McAfee Security app from the Play Store.

The apps are loaded on to the Play Store via a malware dropper called Brunhilda, which puts three kinds of malware on to your device in an attempt to try and take control of your phone.

Getty Stock Images

Those who fall victim will find their phones screen recorded by hackers, your keyboard tracked so as to know your passwords, and remote access of your device from anywhere in the world.

A Google spokesperson told BleepingComputer: "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.

Advert

"Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play."

Featured Image Credit: Nikolas Kokovlis/Joan Cros/NurPhoto via Getty Images

Topics: Crime, Phones, Samsung, Technology, UK News, US News, World News, Google

Tom Earnshaw

Tom joined LADbible Group in 2024, currently working as SEO Lead across all brands including LADbible, UNILAD, SPORTbible, Tyla, UNILAD Tech, and GAMINGbible. He moved to the company from Reach plc where he enjoyed spells as a content editor and senior reporter for one of the country's most-read local news brands, LancsLive. When he's not in work, Tom spends his adult life as a suffering Manchester United supporter after a childhood filled with trebles and Premier League titles. You can't have it all forever, I suppose.

@TREarnshaw

Home> News> Technology

Published 15:22 5 Apr 2024 GMT+1

Sinister Android app poses as major brand but could empty your bank

Don't get caught out by the malware

Tom Earnshaw

People who own an Android phone have been warned over a sinister piece of software that is disguising itself as a legitimate antivirus app.

The almost cruel masquerading act will see your phone infected by clicking on the app that you believe is going to help keep your phone free of viruses.

Advert

Cybersecurity researchers from NCC Group’s Fox-IT were the first to warn about this kind of software.

Explaining, they said a new version the Vultur banking trojan has been detected with some significant changes to how it targets victims since first being spotted three years ago.

Nikolas Kokovlis/NurPhoto via Getty Images

They explain that previous versions of the Vultur banking trojan were found put on to peoples' phones via apps that were smuggled on to the Google Play Store.

Advert

Now, the updated app combines something called smishing - which is where you are sent fake mobile text messages to trick you in to downloading malware - and legitimate apps.

Reports have said one version of the malware portrays it to look like McAfee, a legitimate antivirus software you can download on to your phone to keep it safe.

Cyber-criminals will target a victim by sending them a warning of an unauthorised payment from their accounts.

Joan Cros/NurPhoto via Getty Images

To fix it, you're then sent a phone number to call.

Advert

But this is a scam where the victims who take the bait are then told to download a rogue version of the McAfee Security app from the Play Store.

The apps are loaded on to the Play Store via a malware dropper called Brunhilda, which puts three kinds of malware on to your device in an attempt to try and take control of your phone.

Getty Stock Images

Those who fall victim will find their phones screen recorded by hackers, your keyboard tracked so as to know your passwords, and remote access of your device from anywhere in the world.

Advert

"Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play."

Featured Image Credit: Nikolas Kokovlis/Joan Cros/NurPhoto via Getty Images

Topics: Crime, Phones, Samsung, Technology, UK News, US News, World News, Google

Tom Earnshaw

@TREarnshaw